#cisco-asyncos

[ follow ]
#cve-2025-20393 #zero-day-rce #uat-9686 #email-gateway-vulnerability #chinese-linked-apt-uat-9686
Information security
fromThe Hacker News
1 day ago

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

A critical AsyncOS zero-day (CVE-2025-20393) enables remote root command execution when Spam Quarantine is internet-exposed, actively exploited by China-linked APT UAT-9686.
fromTheregister
2 days ago

Attacks pummeling Cisco AsyncOS 0-day since late November

Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix. Cisco disclosed the bug, tracked as CVE-2025-20393, on Wednesday and said it affects both physical and virtual SEG and SEWM appliances in certain non-standard configurations where the Spam Quarantine feature is enabled and exposed to the internet.
Information security
Information security
fromTechCrunch
2 days ago

Cisco says Chinese hackers are exploiting its customers with a new zero-day | TechCrunch

Critical Cisco AsyncOS vulnerability enables full takeover of exposed devices; no patches exist and wiping/rebuilding software is the only current mitigation.
[ Load more ]